The present invention relates generally to pattern matching. More particularly, the present invention relates to high-performance pattern matching.
Intrusion Detection Systems (IDS) were developed in the late 1990s to identify and report attacks, as hacker attacks and network worms began to affect the Internet. But while traditional IDS technologies detect hostile traffic and send alerts, they do nothing to stop the attacks.
As a result, Network Intrusion Prevention Systems (NIPS) were developed. NIPS are deployed in-line with the network segment being protected. As traffic passes through the NIPS, it is inspected for the presence of an attack. Like viruses, most intruder activities have some sort of signature. Therefore, a pattern-matching module resides at the heart of the NIPS. When an attack is identified, the NIPS blocks the offending data. There is an alleged trade-off between the accuracy of detection and the efficiency of the pattern-matching module. Both are paramount in ensuring that legitimate traffic is not delayed or disrupted as it flows through the device. For this reason, the pattern-matching module must be able to operate at wire speed while simultaneously detecting the bulk of intrusions. With networking speeds doubling every year, it is becoming increasingly difficult for software-based solutions to keep up with the line rates.